Jayesh Jose:
Trying to understand the roles and role and binding concept . User
we are binding the role is the linux system user ?.https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Tej_Singh_Rana:
Hello, @Jayesh Jose
User
is not related to the Linux system users and groups.
User
, which specified in the kubeconfig file users
column to authenticate to the k8s cluster.
You can see more details about User in the k8s docs.
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes
Pranay:
@Jayesh Jose In past I was supper confused about this - no one place was it clearly explained - but in CKA “security” section (https://kodekloud.com/courses/539883/lectures/9808250) Mumshad makes it clear .
In Plain english
Out of the box K8s does know any user - it will allow any user to come in ( Authentication )
If you want k8s to do Authentication you have to plug-in your Authentication
Above is true for “users” (human interacting with system)
Okay once user is “in” - now what they can do that is all we learn in RBAC (Authorization)
How does k8s know what is user id user is logging in - As Tej pointed out you provide that in your .kube/config file
=====
FYI : RBAC is still part of CKA - but more of user creation / CSR / various certificates etc now has moved to CKS - That is what I hear from others
Mumshad can literally copy “security” part of CKA training as-is to CKS training and it will be still be very very relevant .
Jayesh Jose:
Thank you @Pranay !! I’m clear with this now